January 2026 Feature Updates
· 3 min read
- Certificate handling moved to a trait-based setup, with certs parameterized and date metadata added so the behavior could be driven instead of patched in place. Relevant commits:
8f0293fe(#368),da4675bb(#370),833c52ec(#371). - Signup and auth got a cleanup pass, including the signup info screen, UI changes, JWT claim updates, and the removal of the old role shift flow. Relevant commits:
ab15cda5,35b4b0e8(#374),da1f3806,be791d7b(#376). - Security headers were added, FHIR rate limiting was wired up, and the rate limit defaults were pulled into a more flexible setup. Relevant commits:
a3678568(#375),23583343(#378),af591548(#380),1f803166(#381),49563506(#382). - Client-side refresh token handling was cleaned up so auth failures and kind filtering behaved more predictably. Relevant commit:
996457b7(#442). - Request reflection landed in stages, including the init path, parameter reflection, and compartment support. Relevant commits:
a65715f9(#384),f5badc48(#385),025ef130(#386),29cfe396(#387),0f2d326c(#389). - Testscript work moved from the runner setup into CLI wiring, reporting, transaction bundle output, and CI automation. Relevant commits:
f19ae293(#390),e55e17c9(#392),e0fafe37(#393),76442742(#394),902feaab(#395),2fcd67fa(#397),1a30ffe4(#399),c02c11b6(#400),99d25db0(#401),f9266bb3(#402),d4395d66(#404). - The month also picked up website and docs changes, including the DataFlow site work and the benchmark blog post. Relevant commits:
aa0f4f56(#383),053e672a(#414),a5589bed(#431).